SecuriQ: Everything to Nobody

Several anti-virus products have siblings which block web access, check
for objectionable words, and reach beyond the domain of email. SecuriQ
seeks to do so all in one product. I'm not sure whether to say it's not
quite there yet, or that it simply falls quite short of the mark, or maybe
that I just speak a different language than the folks who designed this
product.

Installation
While a nice bound installation guide came with my product CD-ROM and
evaluation license, and the installation process was really quite simple,
it failed. The instructions did not specify service pack levels for Win
2K or Exchange 2000 so I provided SP2 for Win2K and SP1 for Exchange,
and tested them by sending a few emails before installing SecuriQ. While
the installation process completed, and told me everything was fine, launching
the product popped up four messages about not finding the resource dll.
As you might imagine, when the product console opened all the user interface
text was as absent as fried pickles from a northern barbeque, along with
any hope of usability. Help did eventually arrive in the form of an emailed
checklist, phone calls, and eventually a just-slightly-pre-release-version
1.1 CD-ROM. Communications weren't easy to get started though; seems they
were having trouble with their mail server. (David, too, had trouble installing;
in his case, the problem turned out to be that the IIS folder for SecuriQ
had to be set to "execute scripts only.")

Documentation
Finally, a real product to look at, with all its pieces and parts.
But, what's this? The help files are in German? I think we're taking this
multi-language business a bit too strongly here. It's great that many
products are available in multiple languages, but I hope this isn't a
trend. I'm having trouble learning a little bit about XML, SOAP, C# etc,
without worrying that my admin chores will now require me to be multilingual.
Fortunately, email came to the rescue, and I received help files in my
native tongue. Trouble is, the help files weren't very helpful in English
either. Some instructions were there, but maybe my brain is just too old
and befuddled, as I had a hard time figuring out just how to get things
up and running.

Provisions
When you first load the product, nothing happens. SecureiQ has several
components, and they work via rules you compose:

secureiQ.Safe: Archives encrypted copies of email and allows access
only to approved personnel. You use rules to configure it to be selective
in the process of capturing both incoming and outgoing email, encrypting,
signing and storing the results in Exchange public folders.

secureiQ.Trailer: Attaches security notes (disclaimers, company information,
pictures and logos) to email. Which notes go with which emails? Well,
you write the rules to determine which users get which.

secureiQ.Wall: Blocks spam; again, rules are your tools.

secureiQ.Watchdog: Call me stupid, but it appears you must have purchased
anti-virus products from other vendors and then you can manage them
here. At least I saw no configuration for downloading of new signatures
and other basic antiviral scanner processes.

SecuriQ's help installed in German on my system, just
one of several problems we had during installation of this product.

Cruel tools
I guess I'm just spoiled. I want to load an anti-virus product
and get at least basic functionality right out of the box. With SecureiQ,
you have to work first to understand the process, then you must figure
out how to write rules so that you can enable them and then create jobs
composed of rules which will then run and keep your network safe. Security
is not an easy task 'tis true, but this product makes it more difficult
than it has to be.

Results
I did get some rules written, created a job, and blocked some attachments,
but I was reminded of my first attempts at writing SQL queries. Writing
my first packet filters on a router was easier than this. Part of the
problem was the amount of time it took me to figure out what I was
supposed to do. A simple 'hey, first you write rules, then you create
a job, then you run it' statement followed by a step-by-step approach
in the help files would have been useful. Another part was my desire to
see how this vendor utilized the new anti-virus API 2.0; since there
doesn't seem to be an on-board antiviral scanner, there couldn't be any
usage of the API. If there is a scanner, and there is use of the API,
it's so well hidden that even my virus scanning tests couldn't find it.
I kept having the thought that this may truly be a very powerful tool
in the hands of someone willing to invest the time to learn its tricks.
Unfortunately, that person is not me.

About the Author

Roberta Bragg, MCSE: Security, CISSP, Security+, and Microsoft MVP is a Redmond contributing editor and the owner of Have Computer Will Travel Inc., an independent firm specializing in information security and operating systems. She's series editor for Osborne/McGraw-Hill's Hardening series, books that instruct you on how to secure your networks before you are hacked, and author of the first book in the series, Hardening Windows Systems.